Research On Security Analysis Of SOME/IP Protocol In In-Vehicle Ethernet System

With the close integration of the new generation of smart cars and networks,data communication between onboard devices becomes more frequent and complex,and functional requirements continue to rise.The traditional bus system is gradually difficult to meet the service requirements.In order to solve the impact caused by the slow transmission speed,it has become an inevitable trend to add mature Ethernet technology to the automotive system.In-vehicle Ethernet has been proven to have a high transmission rate,real-time performance,flexibility,and low cost,and is gradually supplementing and replacing the previous bus system.Scalable serviceOriented Middleware over IP(SOME/IP)is a representative in-vehicle Ethernet application layer protocol,because of its service-oriented middleware features,it can meet the needs of most in-vehicle Ethernet Network service requirements,and has strong compatibility,is applicable to a variety of platforms,so it is widely used in the automotive industry.However,studies in recent years have shown that SOME/IP protocol has many security loopholes and is vulnerable to malicious network attacks.At present,research at home and abroad is mainly focused on how to increase security attributes and security proofs,without considering the fundamental internal mechanism.This thesis takes the security of SOME/IP and SOME/IP Service Discovery(SOME/IP-SD)as the research object,combined with Colored Petri Nets(CPN)theory,the abstract protocol interaction Descriptions are translated into intuitive visualizations.An optimized Dolev-Yao attacker model is added to the communication channel to evaluate the security of the protocol.Finally,according to the vulnerability of the two protocols,a security reinforcement scheme and a security protection scheme are respectively proposed.Through analysis,the scheme in this paper can maintain stable performance while satisfying security.The specific research content is as follows:1.Construct a hierarchical CPN model according to the SOME/IP protocol specifications of the vehicle-mounted Ethernet.A Dolev-Yao attacker model after dismantling and merging optimization is introduced to evaluate the security of the protocol.This scheme makes the attacker model more powerful,and greatly reduces the number of transitions and places in the model,reducing its state space.The next step is to use the state space and CPN Meta Language(ML)to analyze the consistency,effectiveness,and correctness of the primitives of the model.Then the security is verified and analyzed to find out the security loopholes of the protocol.2.Aiming at the security loopholes in the SOME/IP protocol,a protocol security reinforcement scheme is proposed.The scheme ensures the correctness and security of key distribution by adding a new authentication step.At the same time,the effective timestamp and random number can ensure the real-time and non-tamperable modification of the message.Then,the effectiveness of the improved scheme is verified.Through analysis,the scheme can safely and effectively improve the security performance of the protocol.Finally,based on the Controller Area Network open environment(CANoe)tool to simulate the real vehicle Ethernet environment,the simulation experiment of the designed security scheme is carried out,and the performance analysis is carried out.3.In order to ensure the transmission of SOME/IP protocol,this paper designs an effective security protection scheme for SOME/IP-SD protocol.In this scheme,the lightweight digital signature mechanism can ensure the security of the message and reduce the risk of eavesdropping and interception,and the hash number and freshness value can ensure the correctness and real-time attributes of the message.After in-depth security testing and performance analysis of the evaluation model,the scheme not only ensures the corresponding security properties but also has strong performance.